So far extortionists mostly bluff, who claim to have secretly filmed porn users on the webcam of their computer while at the act. But that could change soon, because the dangerous malicious software PsiXBot has been extended by a module that actually can and is now on the loose.
The modular malicious program PsiXBot has been around for quite some time, but a new version of it is now attacking users of pornographic websites. The Remote Access Trojan (RAT) has been extended by its developers to include a module called CHOUHERO.
The module contains a dictionary with pornographic keywords for monitoring titles in open windows. If a window matches the text, the module starts the audio and webcam recording on the infected computer using the built-in Windows streaming feature. After recording, the video is saved with the file extension .avi and sent to the server of the malware developers. With the material collected, the extortionists can then blackmail the users.
Blackmailers are making rapid progress
The security researchers have found that the porn module of PsiXBot is not yet complete. However, the developers made such rapid progress that sooner rather than later, a blackmail campaign is expected.
Overall, this year the so-called sex torture remained a very big problem till the third quarter. Extensive campaigns were observed using social engineering messages sent using the Phorpiex botnet.
The current cyber crime report confirms this assessment and speaks of a large number of cases in which threatening emails are sent. In these emails, it is alleged that the blackmailers are in possession of video footage that would be sent to the victims’ contacts if they do not transfer money.
Scan completely and yet be careful
This is often a bluff and the blackmailers are usually not in possession of video recordings or contact lists. But that could change with the update of PsiXBot. In general, the Trojan is also not so easy to discover. The hidden program is hard to find with a virus scanner. For the normal user, it is not easy to determine if their device is affected. The only way to find the Trojan is to have a full scan of the computer with the virus scanner.
The police advise in such a case to comply with the demands of blackmailers in any case. Instead, one should collect the received messages as evidence and report. In order not to get embarrassed, the webcam should always be masked, as long as you do not really need it. After all, if anyone gets caught in the act and is blackmailed into paying money, the extortionists may not stop at once.